Cisco Cisco Firepower Management Center 2000
52-6
FireSIGHT System User Guide
Chapter 52 Licensing the FireSIGHT System
Understanding Licensing
Further, you cannot apply a device configuration that includes switching or routing to a managed device
where you have not enabled Control. Additionally, establishing clustering between managed devices
requires that the devices are enabled for Control.
where you have not enabled Control. Additionally, establishing clustering between managed devices
requires that the devices are enabled for Control.
If you delete your Control license from the Defense Center or disable Control on individual devices, the
affected devices do not stop performing switching or routing, nor do device clusters break. Although you
can edit and delete existing configurations, you cannot apply your changes to the affected devices. You
cannot add new switched, routed, or hybrid interfaces, nor can you add new NAT entries, configure
DHCP relay, or establish device clustering. Finally, you cannot reapply existing access control policies
if they include rules with user or application conditions.
affected devices do not stop performing switching or routing, nor do device clusters break. Although you
can edit and delete existing configurations, you cannot apply your changes to the affected devices. You
cannot add new switched, routed, or hybrid interfaces, nor can you add new NAT entries, configure
DHCP relay, or establish device clustering. Finally, you cannot reapply existing access control policies
if they include rules with user or application conditions.
URL Filtering
License:
URL Filtering
Supported Devices:
Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers:
Any except DC500
URL filtering allows you to write access control rules that determine the traffic that can traverse your
network based on URLs requested by monitored hosts, correlated with information about those URLs,
which is obtained from the Cisco cloud by the Defense Center. To enable URL Filtering, you must also
enable a Protection license.
network based on URLs requested by monitored hosts, correlated with information about those URLs,
which is obtained from the Cisco cloud by the Defense Center. To enable URL Filtering, you must also
enable a Protection license.
Tip
Without a URL Filtering license, you can specify individual URLs or groups of URLs to allow or block.
This gives you granular, custom control over web traffic, but does not allow you to use URL category
and reputation data to filter network traffic.
This gives you granular, custom control over web traffic, but does not allow you to use URL category
and reputation data to filter network traffic.
URL filtering requires a subscription-based URL Filtering license. Although you can add category and
reputation-based URL conditions to access control rules without a URL Filtering license, the Defense
Center will not contact the cloud for URL information. You cannot apply the access control policy until
you first add a URL Filtering license to the Defense Center, then enable it on the devices targeted by the
policy.
reputation-based URL conditions to access control rules without a URL Filtering license, the Defense
Center will not contact the cloud for URL information. You cannot apply the access control policy until
you first add a URL Filtering license to the Defense Center, then enable it on the devices targeted by the
policy.
You may lose access to URL filtering if you delete the license from the Defense Center or disable URL
Filtering on managed devices. Also, URL Filtering licenses may expire. If your license expires or if you
delete or disable it, access control rules with URL conditions immediately stop filtering URLs, and your
Defense Center can no longer contact the cloud. You cannot reapply existing access control policies if
they include rules with category and reputation-based URL conditions.
Filtering on managed devices. Also, URL Filtering licenses may expire. If your license expires or if you
delete or disable it, access control rules with URL conditions immediately stop filtering URLs, and your
Defense Center can no longer contact the cloud. You cannot reapply existing access control policies if
they include rules with category and reputation-based URL conditions.
Malware
License:
Malware
Supported Devices:
Series 3, Virtual, X-Series, ASA FirePOWER
Supported Defense Centers:
Any except DC500
A Malware license allows you to perform advanced malware protection, that is, use managed devices to
detect and block malware in files transmitted over your network. To enable Malware on a managed
device, you must also enable Protection.
detect and block malware in files transmitted over your network. To enable Malware on a managed
device, you must also enable Protection.
You configure malware detection as part of a file policy, which you then associate with one or more
access control rules. File policies can detect your users uploading or downloading files of specific types
over specific application protocols. The Malware license allows you to inspect a restricted set of those
file types for malware, as well as download and submit specific file types to the Cisco cloud for dynamic
access control rules. File policies can detect your users uploading or downloading files of specific types
over specific application protocols. The Malware license allows you to inspect a restricted set of those
file types for malware, as well as download and submit specific file types to the Cisco cloud for dynamic